EUVD-2006-1440

Malware in sbrugna...

CVE-2006-1436

Multiple cross-site scripting XSS vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the 1 Event, 2 Description, 3 Time, 4 Website, and 5 Public Remarks fields to a eventpublisheradmin.htm and b eventpublisherusersubmit.htm...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the 1 Event, 2 Description, 3 Time, 4 Website, and 5 Public Remarks fields to a eventpublisheradmin.htm and b eventpublisherusersubmit.htm...

CVE-2006-1436

CVE-2006-1436 describes multiple cross-site scripting (XSS) vulnerabilities in the UPOINT @1 Event Publisher. The issue allows remote attackers to inject arbitrary web script or HTML via the following fields: Event, Description, Time, Website, and Public Remarks, targeting both the admin page (ev...

CVE-2006-1437

The CVE-2006-1437 entry concerns UPOINT @1 Event Publisher where sensitive information is stored under the web document root with insufficient access control. This allows remote attackers to read private comments by requesting eventpublisher.txt directly. Concrete details present in connected reco...

CVE-2006-1436

Multiple cross-site scripting XSS vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the 1 Event, 2 Description, 3 Time, 4 Website, and 5 Public Remarks fields to a eventpublisheradmin.htm and b eventpublisherusersubmit.htm...

CVE-2006-1437

UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...